nanog mailing list archives
Re: using TCP53 for DNS
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 26 Apr 2005 21:09:20 +0200
* Christopher L. Morrow:
its a both directions thing. Some folks dropped tcp/53 TO their AUTH servers to protect against AXFR's from folks not their normal secondaries.
Ugh. And they didn't think something like "permit tcp any any eq 53 established" was necessary?
Hopefully not. Resolvers MUST be able to make TCP connections to other name servers.It seems that what might be more common is resolver code not handling the truncate request properly :(
Caching resolvers or stub resolvers? Caching resolvers would be quite surprising, but you never know. Certainly, there are some applications which cannot cope with large RR sets (qmail comes to my mind).
Current thread:
- using TCP53 for DNS Patrick W. Gilmore (Apr 26)
- Re: using TCP53 for DNS Florian Weimer (Apr 26)
- Re: using TCP53 for DNS Christopher L. Morrow (Apr 26)
- Re: using TCP53 for DNS Florian Weimer (Apr 26)
- Re: using TCP53 for DNS Christopher L. Morrow (Apr 26)
- Re: using TCP53 for DNS Stephane Bortzmeyer (Apr 27)
- Re: using TCP53 for DNS Christopher L. Morrow (Apr 26)
- Re: using TCP53 for DNS Patrick W. Gilmore (Apr 26)
- Re: using TCP53 for DNS Stephane Bortzmeyer (Apr 27)
- Re: using TCP53 for DNS Florian Weimer (Apr 26)
- Re: using TCP53 for DNS Stephane Bortzmeyer (Apr 27)
- Re: using TCP53 for DNS Nils Ketelsen (Apr 28)